Too many connections on port 135 and some security questions


Fabrizio

Hi all, I have Windows XP... using the "netstat -n" command I can see too many
active connections on port 135 from the same range of IPs... look at this
table! My PC was running only the messenger, a web page and listening on the
LAN!

------------------------------------------------------------------------------
Proto Local address Remote address State
TCP 80.117.13.90:135 64.198.2.130:4597 ESTABLISHED
TCP 80.117.13.90:135 68.248.140.2:3469 ESTABLISHED
TCP 80.117.13.90:135 80.116.12.173:3561 ESTABLISHED
TCP 80.117.13.90:135 80.116.69.126:1623 ESTABLISHED
TCP 80.117.13.90:135 80.116.93.52:4728 ESTABLISHED
TCP 80.117.13.90:135 80.116.98.2:4721 ESTABLISHED
TCP 80.117.13.90:135 80.116.101.31:4751 ESTABLISHED
TCP 80.117.13.90:135 80.116.117.70:4147 ESTABLISHED
TCP 80.117.13.90:135 80.116.119.137:4479 ESTABLISHED
TCP 80.117.13.90:135 80.116.138.199:3122 ESTABLISHED
TCP 80.117.13.90:135 80.116.142.30:1532 ESTABLISHED
TCP 80.117.13.90:135 80.116.163.77:1546 ESTABLISHED
TCP 80.117.13.90:135 80.116.171.13:2779 ESTABLISHED
TCP 80.117.13.90:135 80.116.172.112:3165 ESTABLISHED
TCP 80.117.13.90:135 80.116.183.71:4441 ESTABLISHED
TCP 80.117.13.90:135 80.116.201.102:4521 ESTABLISHED
TCP 80.117.13.90:135 80.116.203.20:4043 ESTABLISHED
TCP 80.117.13.90:135 80.116.220.204:4126 ESTABLISHED
TCP 80.117.13.90:135 80.116.221.206:3486 ESTABLISHED
TCP 80.117.13.90:135 80.116.223.175:4067 ESTABLISHED
TCP 80.117.13.90:135 80.116.224.225:1729 ESTABLISHED
TCP 80.117.13.90:135 80.116.225.142:4845 ESTABLISHED
TCP 80.117.13.90:135 80.116.231.26:1446 ESTABLISHED
TCP 80.117.13.90:135 80.116.232.199:4543 ESTABLISHED
TCP 80.117.13.90:135 80.116.234.167:3613 ESTABLISHED
TCP 80.117.13.90:135 80.116.247.234:1064 ESTABLISHED
TCP 80.117.13.90:135 80.116.248.43:4140 ESTABLISHED
TCP 80.117.13.90:135 80.116.249.73:4743 ESTABLISHED
TCP 80.117.13.90:135 80.116.249.226:2449 ESTABLISHED
TCP 80.117.13.90:135 80.116.249.232:3931 ESTABLISHED
TCP 80.117.13.90:135 80.116.252.100:3893 ESTABLISHED
TCP 80.117.13.90:135 80.116.253.15:4417 ESTABLISHED
TCP 80.117.13.90:135 80.116.253.57:3588 ESTABLISHED
TCP 80.117.13.90:135 80.116.255.84:4986 ESTABLISHED
TCP 80.117.13.90:135 80.117.0.35:1347 ESTABLISHED
TCP 80.117.13.90:135 80.117.2.51:3914 ESTABLISHED
TCP 80.117.13.90:135 80.117.2.110:4252 ESTABLISHED
TCP 80.117.13.90:135 80.117.3.40:2070 ESTABLISHED
TCP 80.117.13.90:135 80.117.4.188:3816 ESTABLISHED
TCP 80.117.13.90:135 80.117.4.219:3829 ESTABLISHED
TCP 80.117.13.90:135 80.117.9.23:3782 ESTABLISHED
TCP 80.117.13.90:135 80.117.9.23:3806 ESTABLISHED
TCP 80.117.13.90:135 80.117.9.139:4823 ESTABLISHED
TCP 80.117.13.90:135 80.117.13.21:4189 ESTABLISHED
TCP 80.117.13.90:135 80.117.13.92:2433 ESTABLISHED
TCP 80.117.13.90:135 80.117.13.127:4024 ESTABLISHED
TCP 80.117.13.90:135 80.117.13.127:4044 ESTABLISHED
TCP 80.117.13.90:135 80.117.13.162:2158 ESTABLISHED
TCP 80.117.13.90:135 80.117.13.162:2178 ESTABLISHED
TCP 80.117.13.90:135 80.117.13.228:4160 ESTABLISHED
TCP 80.117.13.90:135 80.117.13.228:4181 ESTABLISHED
TCP 80.117.13.90:135 80.117.21.36:1789 ESTABLISHED
TCP 80.117.13.90:135 80.117.21.206:3256 ESTABLISHED
TCP 80.117.13.90:135 80.117.22.59:4857 ESTABLISHED
TCP 80.117.13.90:135 80.117.22.99:4276 ESTABLISHED
TCP 80.117.13.90:135 80.117.22.103:4006 ESTABLISHED
TCP 80.117.13.90:135 80.117.23.239:3667 ESTABLISHED
TCP 80.117.13.90:135 80.117.23.248:3776 ESTABLISHED
TCP 80.117.13.90:135 80.117.25.65:1965 ESTABLISHED
TCP 80.117.13.90:135 80.117.27.170:3744 ESTABLISHED
TCP 80.117.13.90:135 80.117.28.36:2029 ESTABLISHED
TCP 80.117.13.90:135 80.117.28.69:1482 ESTABLISHED
TCP 80.117.13.90:135 80.117.29.83:2062 ESTABLISHED
TCP 80.117.13.90:135 80.117.29.211:1178 ESTABLISHED
TCP 80.117.13.90:135 80.117.29.246:2033 ESTABLISHED
TCP 80.117.13.90:135 80.138.33.94:1593 ESTABLISHED
TCP 80.117.13.90:445 80.117.222.195:3776 ESTABLISHED
TCP 80.117.13.90:3029 207.46.106.88:1863 ESTABLISHED
TCP 80.117.13.90:4436 212.110.12.173:80 ESTABLISHED
TCP 80.117.13.90:4437 212.110.13.98:80 ESTABLISHED
TCP 80.117.13.90:4438 213.152.192.212:80 ESTABLISHED
------------------------------------------------------------------------------

135 is the epmap port... also used by Blaster... but I'm not infected... are
those attacks from other infected PCs?
Note that my Sygate Personal Firewall Pro blocks lots of attacks day by day
(about 3000/day!!)

Furthermore, I've tried running a security scan on the Sygate web site
with my firewall turned off, and I can see that I have the 8, 135, 139
(NetBIOS), 445 and 5000 (UPnP) ports open!

So these are my questions:
If I turn off the UPnP service, what happens to my system?
Where can I disable NetBIOS?
If I disable NetBIOS, could my little LAN (2 PCs with a cross cable) have some
problems?
What can I do for 8, 135 and 445?

Thanks a lot, sorry for the long post (and sorry for posting in Italian
:blush:))!
Cya
Fabrizio
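
An added example, not part of the original post: one way to triage a `netstat -n` table like the one above is to separate sessions that remote peers opened to a local Windows service port from sessions the host opened itself, and to group the inbound peers by network. The function names, the `SERVICE_PORTS` labels and the /16 grouping are this example's assumptions; the sample rows are a subset copied from the posted table.

```python
import ipaddress
from collections import Counter

# Rows copied from the table in the post (a subset), same layout as `netstat -n`.
SAMPLE = """\
Proto Local address Remote address State
TCP 80.117.13.90:135 64.198.2.130:4597 ESTABLISHED
TCP 80.117.13.90:135 80.116.12.173:3561 ESTABLISHED
TCP 80.117.13.90:135 80.116.69.126:1623 ESTABLISHED
TCP 80.117.13.90:135 80.117.9.23:3782 ESTABLISHED
TCP 80.117.13.90:135 80.117.9.23:3806 ESTABLISHED
TCP 80.117.13.90:445 80.117.222.195:3776 ESTABLISHED
TCP 80.117.13.90:3029 207.46.106.88:1863 ESTABLISHED
TCP 80.117.13.90:4436 212.110.12.173:80 ESTABLISHED
"""

# Listening Windows service ports named in the thread (labels are this example's).
SERVICE_PORTS = {135: "epmap", 139: "netbios", 445: "smb", 5000: "upnp"}


def parse(text):
    """Yield (local_port, remote_ip, remote_port, state) for each TCP row."""
    for line in text.splitlines():
        fields = line.split()
        if len(fields) < 4 or fields[0] != "TCP":
            continue  # header, separator or non-TCP row
        local_port = int(fields[1].rsplit(":", 1)[1])
        remote_ip, remote_port = fields[2].rsplit(":", 1)
        yield local_port, remote_ip, int(remote_port), fields[3]


def summarize(text, prefix=16):
    """Split established sessions into inbound-to-service and outbound."""
    inbound, networks, outbound = Counter(), Counter(), []
    for local_port, remote_ip, remote_port, state in parse(text):
        if state != "ESTABLISHED":
            continue
        if local_port in SERVICE_PORTS:
            # A peer connected TO a local service: this is inbound exposure.
            inbound[local_port] += 1
            net = ipaddress.ip_network(f"{remote_ip}/{prefix}", strict=False)
            networks[str(net)] += 1
        else:
            # Ephemeral local port: a session this host opened itself.
            outbound.append((remote_ip, remote_port))
    return {"inbound": dict(inbound), "networks": dict(networks), "outbound": outbound}


if __name__ == "__main__":
    print(summarize(SAMPLE))
```

Any non-zero inbound count on the Internet-facing address means that service port is reachable from outside and is not being filtered on that interface.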
 

Guest

UPNP (Universal Plug and Play) on a home computer is
nothing but a security risk and should be disabled. It is
similar to plug and play except it connects to other
computers instead of keyboards, mice and monitors like
PNP. You can disable it by going to control panel>admin
tools>services. Scroll down until you find UPNP,
click "stop service", then right click on it and bring up
properties and select disable.
Do not confuse this with PNP; you want that set to
automatic. Also you might consider getting a good firewall.
 

Roger Abell [MVP]

You likely are not using UPnP.
If you are, and you disable its two services, you will know as
some network connected device will become inaccessible.

Here is what I would suggest that you try for your net config.
In the network interface properties for your external connection
to the world uncheck MS Networking and File and Print, and
then turn on the firewall on that interface.
On the interface for your cross-over, leave the NetBT related
bindings checked so you can share there.
(r-click My Computer, then r-Click the interfaces in right panel)
 

Guest

Go to the techtv web site and do a search for "DCOMBOBULATOR"; this little utility will solve all of your problems. It will stop the Mblaster, Welchia, and many other viruses. Now the MS butt lickers will tell you DCOM and port 135 is critical but it is not. Just download the file and do your own research and make up your own mind. BTW I DECOMBOBULATED and do not run any resource hogging AV program and going on 4+ years virus free

CT
 
